CVE-2020-8793: Race Condition
First published: Tue Feb 25 2020(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensmtpd Opensmtpd | <6.6.4 | |
| Fedoraproject Fedora | =32 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| debian/opensmtpd | 6.8.0p2-3 6.8.0p2-4 7.5.0p0-1 |
Remedy
Ubuntu ships with /proc/sys/fs/protected_hardlinks enabled by default, making this vulnerability not exploitable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2020/Feb/28
- http://www.openwall.com/lists/oss-security/2020/02/24/4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
- https://usn.ubuntu.com/4294-1/
- https://www.openbsd.org/security.html
- https://launchpad.net/bugs/cve/CVE-2020-8793
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
- https://www.openwall.com/lists/oss-security/2020/02/24/4
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
- https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
- https://security-tracker.debian.org/tracker/CVE-2020-8793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8793
- https://nvd.nist.gov/vuln/detail/CVE-2020-8793
- https://ubuntu.com/security/CVE-2020-8793
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-8793.
What is the severity of CVE-2020-8793?
The severity of CVE-2020-8793 is medium.
How does CVE-2020-8793 impact OpenSMTPD?
CVE-2020-8793 allows local users to read arbitrary files on some Linux distributions due to an untrusted search path and race conditions in OpenSMTPD.
Which versions of OpenSMTPD are affected by CVE-2020-8793?
OpenSMTPD versions before 6.6.4 are affected by CVE-2020-8793.
How can I mitigate the vulnerability CVE-2020-8793?
To mitigate CVE-2020-8793, you should update OpenSMTPD to version 6.6.4 or apply the recommended fixes for your specific distribution.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/opensmtpd
- canonical/opensmtpd opensmtpd
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- package-manager/debian